Using threat modeling to select and justify security purchases

Hot humint straight in from the field of data security. I don’t have Symantec’s marketing budget and head count or Gartner reports telling me that enterprise concerns about high impact data loss events are up. By my clients, data security awareness is up, but budgets are down and out. I think that vendors with strong […]


Business threat modeling

These are dangerous times for a business. Every day brings another threat. The sub-prime crisis, the crash of world financial markets, the price of oil (going way up and now going down again), an impending crash of the US sub-prime credit card market (like how long can you charge 35% over the top interest rates?), […]


Auditing healthcare IT security and privacy with multiple threat scenarios

Is there a way to break out of the security checklist mentality? IT security auditors commonly use standard, fixed checklists, often based on the compliance regulation being audited: the HIPAA Security Rule or ISO 27001, for example. In this article we suggest considering an alternative approach based on generating and analyzing multiple threat scenarios for the […]


How to assess risk – Part II: Use attack modeling to collect data

In my article – “How to assess risk – Part I: Asking the right questions”, I talked about using attack modeling as a tool to collect data instead of using self-assessment check lists. In this article, I’ll drill down into some of the details and provide some guidelines on how to actually use attack modeling […]


The top 2 responses to data security threats

How does your company mitigate the risk of data security threats? Is your company management adopting a policy of “It’s other people’s money”? In a recent thread on LinkedIn, Jody Keyser shared some quotes from David Vose’s book on risk, reliability and computerized risk modeling: Risk Analysis: A Quantitative Guide. The responses to correctly identified […]


The financial impact of cyber threats

Kudos to ANSI for publishing a free guide to calculating cyber risk. Better late than never – thousands of security professionals in the world use the Microsoft Threat Modeling Tool and the popular free threat modeling software PTA, to calculate risk in financial terms – not to mention the thousands of other users of risk […]


PCI DSS is a standard for the card associations not for your business

I recently saw a post from a blog on a corporate web site from a company called Cloud Compliance, entitled “Compliance is the New Security Standard“. Cloud Compliance provides a SaaS-based Identity and Access Assessment (IdAA) solution that helps identify and remediate access control and entitlement policy violations. We combine the economies of cloud […]


The top 5 things a medical device vendor should do for HIPAA compliance

We specialize in software security assessments, FDA cyber-security and HIPAA compliance for medical device vendors in Israel. The first question that every medical device vendor CEO asks us is “What is the fastest and cheapest way for us to be HIPAA-compliant”? So here are the top 5 things a medical device vendor should do in order to […]


How to Save Your Data and Reputation if You Lose Your BlackBerry

5 years ago, an analysis we did of 150 data breach events showed that over 40% of the data breach events were due to stolen or lost hardware devices (Download the free research article on data breach here Business Threat Modeling Study). Stolen or lost devices were in a close second place to data being stolen […]


Is your HIPAA security like a washing machine?

Is your HIPAA security management like a washing machine? Most security appliance vendors use fluffy charts with a 4 step “information risk management” cycle. It’s always a 4 step cycle, like “Discover, Monitor, Protect and Manage” and it’s usually on a circular chart but sometimes in a Gartner-style magic quadrant or on a line. It’s […]
